Help / Info Please. (EFS)


Mr. Backup

Help / Info Please.



I am unsure on how to go about adding myself to EFS of all users in the
Domain.

Recently a user encrypted all of his files and then quit from the company,
although I do have a backup of the files. I would like to know how to add
myself to this EFS Policy.



Is there some place on the domain controller that I can force all files that
are encrypted my account is also added to that so that I might undo that
which has been done?



Sorry but I am totally clueless here.

Thanks
 

Kerry Brown

Mr. Backup said:
> Help / Info Please.
>
> I am unsure on how to go about adding myself to EFS of all users in
> the Domain.
>
> Recently a user encrypted all of his files and then quit from the
> company, although I do have a backup of the files. I would like to
> know how to add myself to this EFS Policy.
>
> Is there some place on the domain controller that I can force all
> files that are encrypted my account is also added to that so that I
> might undo that which has been done?
>
> Sorry but I am totally clueless here.
>
> Thanks

You can make yourself the designated recovery agent. A better solution is to
set up a special account for this purpose. Document the account and the
procedures needed to use it. That way when you leave the company they will
not be in the same position you are now :)

http://www.microsoft.com/technet/pr...directory/activedirectory/stepbystep/efs.mspx

http://www.microsoft.com/resources/...proddocs/en-us/encrypt_recovery_overview.mspx

http://technet2.microsoft.com/WindowsServer/en/Library/6db6d205-8334-4fc6-8039-4fe6b81bd3891033.mspx

Kerry
 

Jan Peter Stotz

Mr. Backup said:
> I am unsure on how to go about adding myself to EFS of all users in the
> Domain.
>
> Recently a user encrypted all of his files and then quit from the company,
> although I do have a backup of the files. I would like to know how to add
> myself to this EFS Policy.

That only works if the user is still "available" and performs the
operation "cipher /U" after you added a new EFS Recovery Agent.

> Is there some place on the domain controller that I can force all files that
> are encrypted my account is also added to that so that I might undo that
> which has been done?

You need the client machine on which the user used EFS and the user
password for recovering the user EFS private key.

Jan
 

Mr. Backup

Oh No........ :(
Ok, this is where I am currently at: I made my way down to the Default Domain
Policy for the domain.
I am in the Encrypting File System and there is the name of the old domain
admin who once worked here as the File Recover Purposes. His account no
longer exists. When I try to add myself I get the following: The
certificate request could not be completed. The RPC server is unavailable.
 

Mr. Backup

I also get this error, it reads:

Add Recovery Agent
The selected user has no certificates suitable for Encrypted File System
Recovery and cannot be added as a recovery agent.
 

Jan Peter Stotz

Mr. Backup said:
> I also get this error, it reads:
>
> Add Recovery Agent
> The selected user has no certificates suitable for Encrypted File System
> Recovery and cannot be added as a recovery agent.

You have to create a special one for that purpose by executing

cipher.exe /R:<filename>

Jan
 

socrtwo

http://www.elcomsoft.com/prs.html#aefsdr - "A program to recover
(decrypt) files encrypted on NTFS (EFS) partitions created in Windows
2000, Windows XP and Windows Server 2003. Files are being decrypted
even in a case when the system is not bootable and so you cannot log
on, and/or some encryption keys (private or master) have been tampered.
Besides, decryption is possible even when Windows is protected using
SYSKEY. AEFSDR effectively (and instantly) decrypts the files protected
under all versions of Windows Server 2003 (Standard and Enterprise),
Windows XP (including Service Packs 1 and 2) and Windows 2000
(including Service Packs 1, 2, 3 and 4). Registered version costs $99
(personal license) or $199 (business license)."

http://www.lostpassword.com/efs.htm - "EFS Key retrieves EFS-encrypted
files from NTFS partitions. To retrieve the files, the encryption
password must be known or SAM database must be present. EFS Key user
interface is similar to Windows Explorer. User can browse disk
contents, then drag and drop files to a new location. Encrypted files
are decoded in the process of copying.

Features
Supported file systems: NTFS 1.1, NTFS 5.0
Supported operating systems: Windows XP, 2000

Requirements
Encryption password must be known or SAM database must be present
(Windows 2000)
User must have administrator privileges"

socrtwo
www.s2services.com
 

Steven L Umbach

You need to export your RA certificate to a .cer file [select "do not export
private key"] and then point to that file as the RA in Group Policy. If you
do not have a Certificate Authority you can use cipher /R on an XP Pro
computer to generate an RA certificate/private key. FYI the already
encrypted EFS files in the domain may not be updated unless the user uses
cipher /U to update their EFS files or they open their EFS files.

--- Steve
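
The recovery-agent procedure described in this thread (cipher /R, pointing Group Policy at the .cer, then cipher /U on the client), sketched as a PowerShell script that also checks the result. This is an added example, not code from any poster; the EfsDra base name, the -Verify and -TestFile parameters, and the English-language `cipher /C` output layout are assumptions.

```powershell
# Added example, not from the thread. EfsDra and the -TestFile path are assumed names.
param([switch]$Verify, [string]$TestFile, [string]$BaseName = 'EfsDra')
$FileRecoveryOid = '1.3.6.1.4.1.311.10.3.4.1'   # EKU "File Recovery"

function Get-DraInfo {
    param([string]$CerPath)
    # Load the public certificate and look for the File Recovery EKU, which
    # marks a certificate as usable for EFS recovery.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $hasEku = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $FileRecoveryOid })
    [pscustomobject]@{ Subject = $cert.Subject; Thumbprint = $cert.Thumbprint
                       HasFileRecoveryEku = $hasEku }
}

function Test-DraOnFile {
    param([string]$Path, [string]$Thumbprint)
    # Assumes English cipher /C output with a "Recovery Certificates:" section.
    # Whitespace is stripped because thumbprints are printed in spaced groups.
    $text = (cipher.exe /C $Path | Out-String) -replace '\s', ''
    $section = ($text -split 'RecoveryCertificates:', 2)[1]
    return [bool]($section -and ($section -like "*$Thumbprint*"))
}

$cer = "$BaseName.CER"
if (-not $Verify) {
    # Step 1 (admin workstation): writes $BaseName.PFX (private key, password
    # is prompted for) and $BaseName.CER (public certificate) to the current directory.
    cipher.exe "/R:$BaseName"
    $dra = Get-DraInfo (Resolve-Path $cer).Path
    if (-not $dra.HasFileRecoveryEku) { throw "$cer lacks the File Recovery EKU" }
    $dra
    "Point the Group Policy recovery agent at $cer; keep $BaseName.PFX offline."
} else {
    # Step 2 (as the file owner, after policy refresh): preview, re-key, verify.
    $dra = Get-DraInfo (Resolve-Path $cer).Path
    cipher.exe /U /N     # list encrypted files without updating their keys
    cipher.exe /U        # update encrypted files to the current recovery agent
    if (Test-DraOnFile -Path $TestFile -Thumbprint $dra.Thumbprint) {
        "OK: $TestFile lists recovery agent $($dra.Thumbprint)"
    } else {
        Write-Warning "$TestFile does not list the new recovery agent"
    }
}
```

Run it once without arguments to create the key pair, then with `-Verify -TestFile <path>` on a client after the policy has been applied.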
 
